Information concerning the data breach in December 2018

Answering the most important questions about the incident

1. What happened?

On the 11.12.2018, we gained knowledge of the fact that an unknown, unauthorized third party, was able to copy part of our customer database.

2. What measures have been taken by IPC-Computer?

IPC-Computer immediately took measures to prohibit any further unauthorised access of data. Furthermore law-enforcement and the data protection authority have been informed immediately and criminal charges have been filed.

To avoid any further data leakage or an unauthorized access of user data, all user passwords have been locked. You can use the following link to enter a new password and regain access to your account.

Password reset

3. What data may have been leaked?

The attackers were able to access the following data on our system.

  • Names
  • E-Mail addresses
  • Encrypted passwords

In a few select cases (less than 1% of users) the attackers were also able to gain access to address information, such as street name, postcode and city.

4. Was credit card or any other payment information leaked?

No. IPC-Computer does not store any credit card or other payment information.

5. Has information concerning products and purchases been accessed.

No such data has been accessed. The attack was exclusively focused on names, passwords, e-mails and addresses.

6. How does IPC-Computer protect user passwords?

IPC-Computer adds a so-called Salt to every password and they are only stored in hashed form. The Salt is a randomly generated character string, which is combined with the password prior to hashing it.

Hashing is a mathematical process, which can only be executed in one way. The passwords can only be guessed by trying every possible combination to decrypt it. The longer and more complex the password is, the harder it is to guess it. Additionally, by using Salts the difficulty of decrypting the passwords is increased significantly. This is because the length of the password is increased, and the attackers also must extract the Salt from the actual password.

A password with eight characters consisting of upper- and lower-case letters and numbers has 218.340.105.584.896 (that is over 218 trillion) possibilities for encryption.

7. What password did I use on the IPC-Computer website?

Since all passwords are stored encrypted, we have no possibility of seeing it unencrypted.

8. Is there already any information, on who performed the attack.

During the analysis of the incident, we were able to save suspicious IP-Addresses and relayed them to law enforcement. As far as we know these IP-Addresses are not from Germany. Law-enforcement is still investigation the attack.

9. Why should I not use one password for multiple websites?

By using unique password for every website or service, you can make sure, that even if attackers manage to successfully obtain and decrypt your password, they are not able to access any other of your services.

Attackers often try to use the obtained data to log into other websites and services to send spam e-mails, obtain money or further information.

10. What can I do as a customer?

  • If you used the same login credential as you used in our shop on any other platform, we urge you to change it as soon as possible. It is generally advisable to use different safe passwords on every website.
  • To be able to use our shop again you will need to use the above link to reactivate your account.

11. I tried resetting my password, but there is an error message, that the e-mail address I entered is not registered.

We sent an information e-mail to all e-mail addresses known to us. These can be from orders, repairs or returns.